MantisBT: master a4be76d6

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master 2015-06-24 04:52 master e118f8fc
Affected Issues  0019873: CVE-2015-5059: documentation in private projects can be seen by every user
 0020109: CVE-2015-5059: documentation in private projects can be seen by every user
Changeset

Change default threshold to view project doc to VIEWER

Previously it was ANYBODY, which would let any user download files from
any project including private ones, even when they are not part of the
team.

Fixes 0019873
mod - config_defaults_inc.php Diff File